2009-09-25

Standard Bank spam

Just to show that I don't pay several hundred rand per month in fees for absolutely nothing, Standard Bank was kind enough to send me the following spam earlier this week. How do they expect me to take an e-mail from “Standardbank” that addresses me only as “Dr,” seriously? Somehow, I do not remember where I put the Tardis.

The message continues to be misleading and, generally, not helpful. The description of phishing

“a form of identity theft in which fraudsters masquerade as reputable institutions such as banks or retailers”

is not that useful since many readers might not know how easy it easy to register a domain name such as stundardbank.co.za which was available at the time of writing for R50/year and copy an entire website. Instead, we get the following waffle.

“These fraudsters then urge you to provide your sensitive information such as identity numbers, card numbers and PINs. They then use this information to defraud you.

Please remember that we will never ask you to update/confirm personal or secret information like PINs or passwords via an email or over the phone. We urge you to remain vigilant at all times.”

Actually, I think that Standard Bank asks me for my ID number on the telephone all the time. Have you tried refusing to give it? What about mentioning that all of the above can happen on an exact copy of the Standard Bank website? They continue with

“Never click on a link in an email that takes you to another website”

but their own e-mail contains two such links. Better advice would be to never click on a link in an e-mail message. Further, my Internet banking profile clearly states that I prefer plain text e-mail over HTML and my correspondence language with Standard Bank is Afrikaans. Would they not engender more trust by sending me a plain text message in Afrikaans? After all, phishing is all about confidence. But, please Standard Bank, do not send an update.